Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 26 subscribers
  • Views 675 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Syslog error - what would cause these?

K M

We are getting these in random intervals on our syslog server (image attached).  Does anyone know what might be causing these?



This thread was automatically locked due to age.
Parents
  • FormerMember
    0 FormerMember

    Hi  

    Thank you for reaching out to the Community! 

    Is there any IPsec VPN connection on the XG firewall with IP address 54.39.215.32 as a remote gateway? The event logs indicate a firewall is failing to establish an IPsec connection with the IP address 54.39.215.32, and it could be due to the preshared key mismatch. 

    Thanks,

  • 0 in reply to FormerMember

    The only VPN we use is the SSL VPN and that IP is not familiar (it is in Canada and we are not).  Is there something I need to review to stop this as a potential threat?

  • FormerMember
    0 FormerMember in reply to K M

    Hi  

    Was there any IPsec connection configured in the past on this firewall? Or do you have a connect client configured on your firewall? 

    Could you please confirm if you see this traffic on UDP port 500? 

    You could configure the blackhole DNAT rule to avoid getting these log entries for UDP port 500.

    Check out the following KBA for more info: Sophos XG: Creating a blackhole DNAT.

    Thanks,

  • 0 in reply to FormerMember

    Ah - we did try Connect Client to test it as an "always-on" VPN, but it had major issues for us.  Looks like we forgot to disable it.  Thanks.

Reply Children